Psychology and Internet Security

The role of security on the Internet should be to ensure secure e-commerce and to protect privacy by providing the accurate, reliable resources and international policies needed to maintain a trusted environment.

To provide a solution, we first need to understand and address the psychological behaviors of cyber criminals. Understanding the actual and potential behavior of criminal groups allows the creation of appropriate risk mitigation strategies, countermeasures and other safeguards (Dudek 2011).

Understanding the criminal is not enough; we also need to understand user behavior. Why do people fall for Internet attacks? For example, an online phishing survey conducted by Sheng (2010) concludes that women in the 18-25 age group are most likely to fall for phishing attacks. Research of this type is crucial in establishing proper security policy and securing payment systems in both established and developing nations.

One security challenge that inhibits the growth potential of future Internet activities such as e-commerce is the disconnect between the security policies of different countries. To provide a secure international business infrastructure, governments, Internet users and technology ecosystems should work together to create common policy, as opposed to the dictatorial intervention that governments are currently presenting. Consumer behavior studies such as Herley (2009) found that users rationally reject security advice, on the grounds that the extra effort needed to comply with security procedures outweighs the protection gained. To address this lack of compliance from consumers, involving the consumer in the process of establishing security procedures, by conducting valuable behavioral research, would perhaps enable policy makers to form a more widely accepted policy.

Dudek, J. (2011, January). Forensic Psychology and Fighting Web Threats. Retrieved from http://www.itp.net/583549-forensic-psychology-and-fighting-web-threats

Moore, T., Anderson, R. (2011, March). Economics and Internet Security: a Survey of Recent Analytical, Empirical and Behavioral Research. Retrieved from ftp://ftp.deas.harvard.edu/techreports/tr-03-11.pdf

Herley, C. (2009). So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users. Proceedings of the New Security Paradigms Workshop (NSPW), pp. 133-144.

Sheng, S., Holbrook, M., Kumaraguru, P., Cranor, L. F., Downs, J. (2010). Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions. Proceedings of the 28th International Conference on Human Factors in Computing Systems, pp. 373-382.
